habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

outposts/proxy: match skipPathRegex against full URL on domain auth

Browse Source 
closes #1955

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
2021-12-18 15:50:42 +01:00
parent d66f13c249
commit 7a73ddfb60
6 changed files with 95 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/outpost/proxyv2/application/application.go
View File

@ -180,8 +180,14 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
func (a *Application) IsAllowlisted(r *http.Request) bool {
for _, u := range a.UnauthenticatedRegex {
a.log.WithField("regex", u.String()).WithField("url", r.URL.Path).Trace("Matching URL against allow list")
if u.MatchString(r.URL.Path) {
var testString string
if a.Mode() == api.PROXYMODE_PROXY || a.Mode() == api.PROXYMODE_FORWARD_SINGLE {
testString = r.URL.Path
} else {
testString = r.URL.String()
}
a.log.WithField("regex", u.String()).WithField("url", testString).Trace("Matching URL against allow list")
if u.MatchString(testString) {
return true
}
}